SQL Server Security

As this illustration shows, all four components of the BackOffice family of products leverage the security infrastructure and enabling technologies of Windows NT, but these remarks are restricted to SQL Server.

SQL Server 7.0 is a distributed, client/server, relational database server that supports the popular SQL query language. It often serves as an enterprise back-end server for a variety of network client applications, such as Exchange Server. SQL Server is an interesting security story and perhaps best illustrates the convergence of BackOffice products around Windows NT. The popularity of SQL Server predates Windows NT, and therefore SQL Server implemented most of its own security. With the emergence of SQL Server version 7.0, SQL Server is now firmly integrated into the Windows NT security environment.

SQL Server fully supports Windows NT single-logon and user groups and will later leverage Kerberos authentication. It also implements its own internal roles, which are similar to Windows NT groups. SQL Server uses these roles for internal administration, and the advantage is that you do not need to clutter the Windows NT group list with groups internal to the server.

SQL Server applies access control to the database elements it manages (tables, views, stored procedures, and column-level permissions). Relational databases have a traditional format they use to present this access control, and therefore the format is different from other Windows NT ACLs, but the intent and degree of control are the same. You can assign a variety of database-specific permissions to Windows NT users, groups, or SQL Server roles. As in the Windows NT file system ACLs, you can also allow a group to control access to a database element.
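The roles and permissions described in the two paragraphs above can be sketched in Transact-SQL. This is an added example, not part of the original text. The database PayrollDB, the Windows NT groups CORP\PayrollClerks and CORP\HRManagers, and all object names are assumptions, and the database and the NT groups must already exist.

```sql
-- Constructed example: PayrollDB, CORP\PayrollClerks, CORP\HRManagers and all
-- object names are assumptions made for illustration.
USE PayrollDB
GO

CREATE TABLE dbo.Employee (
    EmployeeID int         NOT NULL PRIMARY KEY,
    FullName   varchar(80) NOT NULL,
    Department varchar(40) NOT NULL,
    Salary     money       NOT NULL
)
GO

CREATE PROCEDURE dbo.usp_DepartmentHeadcount
AS
    SELECT Department, COUNT(*) AS Headcount
    FROM dbo.Employee
    GROUP BY Department
GO

-- Let members of the Windows NT groups connect with their NT credentials
-- (single logon), then map each group to a user in this database.
EXEC sp_grantlogin 'CORP\PayrollClerks'
EXEC sp_grantlogin 'CORP\HRManagers'
EXEC sp_grantdbaccess 'CORP\PayrollClerks', 'PayrollClerks'
EXEC sp_grantdbaccess 'CORP\HRManagers', 'HRManagers'
GO

-- An internal SQL Server role: it lives in this database only, so the
-- Windows NT group list gains no extra entry for it.
EXEC sp_addrole 'directory_readers'
EXEC sp_addrolemember 'directory_readers', 'PayrollClerks'
EXEC sp_addrolemember 'directory_readers', 'HRManagers'
GO

-- Column-level permission: the role can read everything except Salary.
GRANT SELECT ON dbo.Employee (EmployeeID, FullName, Department) TO directory_readers
GRANT EXECUTE ON dbo.usp_DepartmentHeadcount TO directory_readers

-- An explicit DENY wins over any GRANT the clerks pick up through a role.
DENY UPDATE, DELETE ON dbo.Employee TO PayrollClerks

-- Allow one group to control access to the table: HRManagers can read every
-- column and pass that permission on to others.
GRANT SELECT ON dbo.Employee TO HRManagers WITH GRANT OPTION
GO

-- Review the resulting permission entries for the table.
EXEC sp_helprotect 'Employee'
GO
```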

SQL Server creates a full transaction log, supports many internal administrative roles, and includes many other database-specific security features. Future plans may include using Secure RPC to encrypt network traffic.